bind

I was a little worried about the judges for Mozilla's Guinness World Record attempt. However, the Firefox team is lucky to have Paul Vixie of the Internet Systems Consortium and Corey Shields of Indiana University as judges. Paul is well known as the author of Vixie cron and the BIND DNS server daemon. Corey has made contributions to many open source projects, including Mozilla and Gentoo Linux.

An updated caching-nameserver package that fixes a bug is now available for Red Hat Enterprise Linux.

The caching-nameserver package includes the configuration files that make BIND, the DNS name server, act as a simple caching nameserver. Many users on dial-up connections use this package along with BIND for this purpose. The address of the L root server has been updated. All users of caching-nameserver should upgrade to this updated package, which resolves this issue.

One of my clients runs dedicated NS1 and NS2 servers hosting more than 3000 domains. Recently they upgraded their servers to the latest dual-core, dual-AMD machines running CentOS 5.0 and the BIND server.

By default BIND / named tries to determine the number of CPUs present and creates one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread is created. However, for some reason the BIND server failed to automatically utilize all of the system's available CPUs. So how do you force the DNS server to take advantage of multiple CPUs under CentOS Linux?

After a little investigation, the named man page pointed me in the right direction: the -n #cpus option, which creates #cpus worker threads to take advantage of multiple CPUs.

Force BIND DNS Server to take advantage of multiple CPUs

To enable multiple CPUs, open the /etc/sysconfig/named file under CentOS / RHEL / Fedora Linux:
# vi /etc/sysconfig/named
To force BIND to take advantage of 4 CPUs, add or modify the OPTIONS line as follows:
OPTIONS="-n 4"
Save and close the file. Restart the named service:
# /etc/init.d/named restart
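As an added example (not from the original post), a small POSIX shell helper that adds or modifies the OPTIONS line idempotently, keeping any other flags already present (for instance -u named) and rejecting a non-numeric thread count. The file path is a parameter so it can be tried on a copy before touching /etc/sysconfig/named; named_cpu_count assumes GNU nproc or /proc/cpuinfo is available.

```shell
#!/bin/sh
# Added example, not part of the original post: manage OPTIONS="-n N" in a
# sysconfig-style file for named. Existing flags other than -n are preserved.
# Usage: named_set_threads /etc/sysconfig/named 4

named_set_threads() {
    file=$1
    ncpu=$2
    case "$ncpu" in
        ''|*[!0-9]*) echo "named_set_threads: thread count must be a positive integer" >&2; return 1 ;;
        0)           echo "named_set_threads: thread count must be at least 1" >&2; return 1 ;;
    esac
    [ -f "$file" ] || touch "$file"
    if grep -q '^OPTIONS=' "$file"; then
        # Current value without the surrounding quotes (last OPTIONS= line wins)
        current=$(sed -n 's/^OPTIONS="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$file" | tail -n 1)
        # Drop any existing -n <N> flag, then normalise whitespace
        stripped=$(printf '%s' "$current" | sed 's/-n *[0-9]*//g; s/  */ /g; s/^ //; s/ $//')
        new="${stripped:+$stripped }-n $ncpu"
        # Rewrite the OPTIONS= line in place (GNU sed -i)
        sed -i "s|^OPTIONS=.*|OPTIONS=\"$new\"|" "$file"
    else
        printf 'OPTIONS="-n %s"\n' "$ncpu" >> "$file"
    fi
}

# Report the thread count currently configured, for verification
named_get_threads() {
    sed -n 's/^OPTIONS=.*-n *\([0-9]*\).*/\1/p' "$1" | tail -n 1
}

# One thread per CPU the kernel reports (assumes GNU nproc or /proc/cpuinfo)
named_cpu_count() {
    nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo
}
```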

If you would like to run a Wikipedia / sf.net-like site, you can use this technique. You can use mod_proxy or the standard mod_fastcgi for this purpose.

How does it work?

You need to use the spawn-fcgi binary, which spawns FastCGI processes. With spawn-fcgi you can bind PHP to a particular TCP port or to a Unix-domain socket (slightly faster than a TCP port). This takes some load off the web server, because the FastCGI processes are controlled by an external program such as spawn-fcgi rather than by the web server itself.

The domain name service is provided by the BIND (named) software. It uses both the UDP and TCP protocols and listens on port 53. DNS queries of less than 512 bytes are transferred over UDP, while large queries such as zone transfers are handled over TCP.

i) named/bind server – TCP/UDP port 53

ii) Client (browser, dig etc.) – port > 1023

Allow outgoing DNS client request:

The following iptables rules can be added to your shell script.

SERVER_IP is your server's IP address.

DNS_SERVER stores the IP address of the nameserver (DNS) provided by your ISP, or of your own name servers.

The following rules are useful when you run a single web/SMTP server, or even on DSL/LL/dialup Internet connections:
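The rules themselves are not included in the excerpt above. As an added example of my own (not the post's rules), the functions below express the two cases the text describes: a host that only makes DNS client queries to DNS_SERVER, and a host that additionally runs named on port 53. SERVER_IP and DNS_SERVER are passed as arguments; IPT names the iptables binary and can be set to echo to preview the rules without applying them.

```shell
#!/bin/sh
# Added example, not the original post's rules. Applying them needs root;
# set IPT=echo to print the rules instead of loading them.
: "${IPT:=iptables}"

# Client side: let this host's resolver queries out to DNS_SERVER and the
# matching replies back in. Clients use an unprivileged source port (> 1023).
# UDP carries normal queries; TCP carries answers over 512 bytes and zone transfers.
dns_client_rules() {
    server_ip=$1
    dns_server=$2
    for proto in udp tcp; do
        $IPT -A OUTPUT -p "$proto" -s "$server_ip" --sport 1024:65535 \
             -d "$dns_server" --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
        $IPT -A INPUT -p "$proto" -s "$dns_server" --sport 53 \
             -d "$server_ip" --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    done
}

# Server side, only when this host runs named: accept queries on port 53 and
# let the answers out. Who may pull zones over TCP is still decided by
# allow-transfer in named.conf; the firewall is not the only control.
dns_server_rules() {
    server_ip=$1
    for proto in udp tcp; do
        $IPT -A INPUT -p "$proto" -d "$server_ip" --dport 53 \
             -m state --state NEW,ESTABLISHED -j ACCEPT
        $IPT -A OUTPUT -p "$proto" -s "$server_ip" --sport 53 \
             -m state --state ESTABLISHED -j ACCEPT
    done
}
```

A single web/SMTP box that only resolves names needs dns_client_rules alone; add dns_server_rules only on a host that actually answers DNS.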

BIND is the Berkeley Internet Name Domain DNS server. It is widely used on UNIX and Linux-like OSes. You can use the following tools to troubleshoot BIND-related problems under UNIX or Linux.

Task: Port 53 open and listening for requests

By default BIND listens for DNS queries on port 53, so make sure port 53 is open and listening for user requests by running any one of the following tests. See if you can telnet to port 53 from a remote computer:
$ telnet remote-server-ip 53
OR
$ telnet ns1.nixcraft.org domain
Output:

Trying 192.168.0.5...
Connected to ns1.nixcraft.org.
Escape character is '^]'.

If you cannot connect, make sure a firewall is not blocking your requests. Next, use the netstat command to list the open and listening port 53 on the server itself:
$ netstat -tulpn | grep :53
OR
# netstat -atve
Output:

Make sure the iptables firewall is not blocking requests on the server:
# iptables -L -n
OR
# iptables -L -n | less
Make sure named is running:
# /etc/init.d/named status
If not, start named:
# chkconfig named on
# service named start

Task: Use log files

You can check the log files after starting/restarting BIND to see error messages:
# tail -f /var/log/messages
Output:

Please note that if named-checkconf does not find any errors, it will not display anything on screen.

Check zone file syntax for errors. named-checkzone is a zone file validity checking tool: it checks the syntax and integrity of a zone file, performing the same checks as named does when loading a zone. This makes named-checkzone useful for checking zone files before configuring them into a name server.
# named-checkzone localhost /var/named/localhost.zone
OR
# named-checkzone nixcraft.org /var/named/nixcraft.org.zone
Output:

zone nixcraft.org/IN: loaded serial 12
OK

Task: Testing BIND/DNS with utilities

You can use the host and dig utilities to test your BIND configuration.

host: host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.

dig: dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
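The checks above (port 53 listening, named-checkconf, named-checkzone) are usually run one at a time. As an added example that is not from the original post, the script below runs them in one pass and, instead of checking a single zone, pulls every zone name and file out of named.conf so that none is skipped; zones_from_conf assumes the common one-directive-per-line layout with each zone closed by "};" on its own line, and check_bind assumes the BIND tools and ss or netstat are on PATH.

```shell
#!/bin/sh
# Added example, not part of the original post: one-pass BIND health check.
# Usage: check_bind /etc/named.conf

# Print one "zone file" pair per line. Hint and forward zones have no zone
# file to validate, so they are skipped.
zones_from_conf() {
    awk '
        /^[[:space:]]*zone[[:space:]]+"/ {
            match($0, /"[^"]*"/); zone = substr($0, RSTART + 1, RLENGTH - 2); file = ""; skip = 0
        }
        /^[[:space:]]*type[[:space:]]+(hint|forward)/ { skip = 1 }
        /^[[:space:]]*file[[:space:]]+"/ {
            match($0, /"[^"]*"/); file = substr($0, RSTART + 1, RLENGTH - 2)
        }
        /^[[:space:]]*};/ {
            if (zone != "" && file != "" && !skip) print zone, file
            zone = ""; file = ""; skip = 0
        }
    ' "$1"
}

# The "directory" option, so relative zone file names can be resolved
zone_dir() {
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Run the checks in the order the troubleshooting steps give; stop at the first failure.
check_bind() {
    conf=${1:-/etc/named.conf}
    if ! (ss -lntu 2>/dev/null || netstat -tuln 2>/dev/null) | grep -q ':53[[:space:]]'; then
        echo "nothing is listening on port 53: is named running, or is a firewall in the way?" >&2
        return 1
    fi
    named-checkconf "$conf" || { echo "$conf has syntax errors" >&2; return 1; }
    dir=$(zone_dir "$conf")
    dir=${dir:-/var/named}
    zones_from_conf "$conf" | while read -r zone file; do
        case $file in /*) path=$file ;; *) path="$dir/$file" ;; esac
        named-checkzone "$zone" "$path" || exit 1
    done
}
```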